Image forming apparatus, interruption management method, and computer program product

ABSTRACT

A user-interface unit receives a request from a user. A control unit performs an execution control in response to the request received by the user-interface unit, and during an execution process, performs an interruption process and an authentication process. An application-logic unit provides a plurality of functions related to an image forming process. A device-service unit provides a shared service for the application-logic unit.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation application of U.S. patentapplication Ser. No. 12/051,226, filed Mar. 19, 2008, now U.S. Pat. No.8,218,165 which claims priority to Japanese Patent Application Nos.2007-079242 filed in Japan on Mar. 26, 2007 and 2008-004866 filed inJapan on Jan. 11, 2008. The contents of the above applications areincorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an image forming apparatus, aninterruption management method, and computer program product.

2. Description of the Related Art

There has been known image forming apparatus that have various functionssuch as a printer, a copier, a facsimile machine, and a scanner(hereinafter, “multifunction product”).

Some of multifunction products, specifically designed to be shared by aplurality of users, have an interruption function that allowsinterrupting a current job in action and then executing an interruptionjob that is accepted later. This interruption function is helpful, forexample, during a mass copy job. One of multifunction products havingthe interruption function is disclosed in, for example, Japanese PatentApplication No. 3340299. The interruption function makes themultifunction product to improve its usability and its operationefficiency.

However, the multifunction product disclosed in Japanese Patent No.3340299 cannot exclude a non-authentic interruption process by amasquerade third party who pretends to be an authentic user. Moreparticularly, while the authentic user of a current job in action isabsent from the multifunction product, the masquerade third partypretending to be the authentic user can interrupt the current job andexecutes an interruption job. If the multifunction product charges basedon jobs, a non-authentic interruption causes an inappropriate charge.

SUMMARY OF THE INVENTION

It is an object of the present invention to at least partially solve theproblems in the conventional technology.

According to an aspect of the present invention, there is provided animage forming apparatus having a plurality of functions related to animage forming process. The image forming apparatus includes auser-interface unit that receives a request from a user; a control unitthat performs an execution control in response to the request receivedby the user-interface unit, and during an execution process, performs aninterruption process and an authentication process; an application-logicunit that provides the functions related to the image forming process;and a device-service unit that provides a shared service for theapplication-logic unit.

Furthermore, according to another aspect of the present invention, thereis provided a method of managing an interruption in an image formingapparatus having a plurality of functions related to an image formingprocess. The method includes request managing including a user-interfaceunit receiving a request from a user; execution controlling including acontrol unit performing an execution control in response to the requestreceived at the request managing, and during an execution process,performing an interruption process and an authentication process;function providing including an application-logic unit providing thefunctions related to the image forming process; and device providingincluding a device-service unit providing a shared service for theapplication-logic unit.

Moreover, according to still another aspect of the present invention,there is provided a computer program product comprising acomputer-usable medium having computer-readable program codes embodiedin the medium that when executed cause a computer to execute requestmanaging including a user-interface unit receiving a request from auser; execution controlling including a control unit performing anexecution control in response to the request received at the requestmanaging, and during an execution process, performing an interruptionprocess and an authentication process; function providing including anapplication-logic unit providing the functions related to the imageforming process; and device providing including a device-service unitproviding a shared service for the application-logic unit.

The above and other objects, features, advantages and technical andindustrial significance of this invention will be better understood byreading the following detailed description of presently preferredembodiments of the invention, when considered in connection with theaccompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram for explaining the software configuration of amultifunction product (MFP) according to a first embodiment of thepresent invention;

FIG. 2 is a block diagram for explaining processes performed bycomponents of the MFP shown in FIG. 1;

FIG. 3 is a block diagram for explaining the data formation of a sessionused in the MFP;

FIG. 4 is a schematic diagram of an operation unit of the MFP;

FIG. 5A is a schematic diagram of an authentication screen for login;

FIG. 5B is a schematic diagram of a login screen requiring a noncontactintegrated-circuit (IC) card;

FIG. 5C is a schematic diagram of a login screen requiring acontact-type IC card;

FIG. 5D is a schematic diagram of an authentication screen for aregistered user;

FIG. 5E is a schematic diagram of an authentication-failure screen;

FIG. 5F is a schematic diagram of an authentication-success screen;

FIG. 6A is a schematic diagram of an operation screen during copying;

FIG. 6B is a schematic diagram of an authentication screen in responseto an interruption request;

FIG. 6C is a schematic diagram of another authentication-failure screen;

FIG. 6D is a schematic diagram of an interruption-operation screen thatappears when the authentication succeeds;

FIG. 6E is a schematic diagram of a lock screen;

FIG. 7A is a schematic diagram of an interruption screen requiring thenoncontact IC card;

FIG. 7B is a schematic diagram of an authentication screen requiring thecontact-type IC card;

FIG. 7C is a schematic diagram of a lock screen requiring the noncontactIC card;

FIG. 8A is a schematic diagram of an interruption screen requiring thecontact-type IC card;

FIG. 8B is a schematic diagram of an insert requiring screen thatappears when the contact-type IC card is removed;

FIG. 8C is a schematic diagram of a lock screen requiring thecontact-type IC card;

FIG. 8D is a schematic diagram of an interruption-release screenrequiring the contact-type IC card

FIGS. 9 to 11 are sequence diagrams for explaining process performed bythe MFP;

FIG. 12 is a block diagram for explaining the hardware configuration ofthe MFP;

FIG. 13 is a functional block diagram of an MFP according to a secondembodiment of the present invention;

FIG. 14 is a functional block diagram of a conventional MFP;

FIGS. 15A and 15B are schematic diagrams for explaining how the screenchanges between the operation screen and the login screen;

FIG. 16 is a schematic diagram of another example of the login screenwith a login-user list;

FIG. 17 is a block diagram for explaining the data formation of asession used in an image forming apparatus according to a thirdembodiment of the present invention;

FIG. 18 is a sequence diagram in which different operation screenappears depending on whether a login session of an authentic user ispresent;

FIG. 19 is a sequence diagram for explaining a process in which anidentical user interrupts a job in action that is issued by theidentical user and executes a new job; and

FIG. 20 is a sequence diagram for explaining a logout process after amultiple interruption.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Exemplary embodiments of the present invention are described in detailbelow with reference to the accompanying drawings.

FIG. 1 is a block diagram for explaining the software configuration of amultifunction product (MFP) 10. The software configuration of the MFP 10is separated into three layers, i.e., a presentation layer 12, a logiclayer 14, and a device layer 16, each of which includes at least onecomponent. The software configuration of the MFP 10 provides a sharedfeature 18 that can be used by any layers, besides. When a process ischanged in any one of the presentation layer 12, the logic layer 14, andthe device layer 16, the other two layers are not subjected to thechange.

The MFP 10 includes functions such as a user interface (UI) 120, acontrol 140, an application logic 150, a device service 160, a device170, and an aspect 180.

The UI 120 is a component of the presentation layer 12. The control 140and the application logic 150 are components of the logic layer 14. Thedevice service 160 and the device 170 are components of the device layer16. The aspect 180 belongs to the shared feature 18.

The UI 120 receives a request from a user or a subscriber of apredetermined web service, and transfers a right to execute the requestto the control 140.

Upon receiving the right to execute the request from the UI 120, thecontrol 140 activates a function required to implement the request. Theactivated function can be a single function such as reading or printingthat is executed by a single device or can be a combination of singlefunctions such as copying or sending of a scanned image. The applicationlogic 150 is a group of functions provided by the MFP 10. Theapplication logic 150 has functions such as receiving or sending, inaddition to the scanning or the printing.

The device service 160 is a component having a sub-function that iscommonly used by the application logic 150. The device 170 is acomponent for operating an operation system (OS) or hardware for adevice control. The OS and the hardware are wrapped so that any changein the OS or the hardware cannot affect an upper layer.

The aspect 180 uses a logic that can affect the above-describedsub-components. More particularly, the aspect 180 performs accesscontrol, recording logs, or charging. This makes it possible to avoidspecification changes, which are caused from plug-in and customizationof a sub-component, concentrating in the logic.

FIG. 2 is a block diagram for explaining processes performed by thecomponents. Given below is an explanation of a process during copyprocessing. Upon receiving a copy request from a user, a local UI (notshown) of the UI 120 sends the copy request to a session management 142and a request management 144 of the control 140. Explained from the timeorder, the session management 142 determines whether the user isauthentic. When the user is authentic, the UI 120, which works as theapplication, appears so that circumstances that allow receiving arequest are prepared. When the user fixes a target job and presses astart key 34, the UI 120 sends the session information that is obtainedfrom a result of the authentication and a request (job information) tothe request management 144.

The session management 142 has a responsibility to associate a user withan activity (a series of processes executed by the system) during aperiod from login to logout of the user (hereinafter, “session”). Thesession management 142 performs a user authentication to identify a userwho requests an operation. A salient feature of the first embodiment isto request, in response to a request of interruption, the user to enterauthentication information or to display a lock screen at the end of theinterruption. When the session management 142 determines that the useris authentic, the session management 142 creates a session and sends thecreated session to the request management 144. On the other hand, whenthe session management 142 determines that the user is not authentic,the session management 142 does not create a session. The sessionmanagement 142 does not delete the authentication information until itsexpired time of the session. If a sequential interruption by theidentical user happens, the session management 142 can skip a passwordcheck in a second or afterward user authentication. This allows theidentical user to save entering the password again. Moreover, thesession management 142 can skip the lock screen to be displayed at theend of the sequential interruption by the identical user. This allowsthe identical user to save entering the password again.

The request management 144 decides the order of executing a plurality ofrequests, and causes the requests to be executed in accordance with theorder. The request management 144 manages a lifecycle of a request, andreturns an abnormal request-termination to a normal process. The requestmanagement 144 does not execute the application until receiving a validsession from the session management 142. The application cannot beexecuted by any unit other than the request management 144. The validsession indicates a session associated with an ID of a user who has anauthority to execute the application.

A data management 162 of the device service 160 manages user informationor the like that is commonly used. For example, the session management142 acquires target user information from the data management 162 toperform the user authentication.

FIG. 3 is a block diagram for explaining the data formation of a sessionused in the MFP 10. The session includes an anonymous session 20, alogin session 22, a login session (interruption flag ON) 24, a screencontexts 26 and 28.

The anonymous session 20 is created at a system startup. The loginsession 22 is created at a login. The login session (interruption flagON) 24 is created at an interruption. The screen contexts 26 and 28 areused to re-build a screen that appears after a release of aninterruption and a release of a lock screen.

The session information is sent from the session management 142 to therequest management 144 to start a request or to request an interruption.Thus, it is possible to perform an access control or a charge controlbased on the session information (user ID) after the execution of theapplication.

FIG. 4 is a schematic diagram of an operation unit 30 of the MFP 10. Theoperation unit 30 includes a liquid-crystal-display (LCD) touch panel45, a numeric keypad 32, a clear/stop key 33, the start key 34, awarm-up key 35, a reset key 36, an interruption key 37, an initialsettings key 38, an add new-job key 39, a job list key 40, a copy key43, and a copy server key 44.

Various operation screens are displayed on the LCD touch panel 45depending on functions. The user presses a button on the LCD touch panel45 or manipulates the numeric keypad 32 thereby executing a targetfunction of the MFP 10.

Given below is an explanation of a process performed by the MFP 10 withreference to exemplary operation screens shown in FIGS. 5 to 8 andsequence diagrams shown in FIGS. 9 to 11.

FIG. 5A is a schematic diagram of an authentication screen for login;FIG. 5B is a schematic diagram of a login screen requiring a noncontactIC card; FIG. 5C is a schematic diagram of a login screen requiring acontact-type IC card; FIG. 5D is a schematic diagram of anauthentication screen for a registered user; FIG. 5E is a schematicdiagram of an authentication-failure screen; and FIG. 5F is a schematicdiagram of an authentication-success screen.

FIG. 6A is a schematic diagram of an operation screen during copying;FIG. 6B is a schematic diagram of an authentication screen in responseto an interruption request; FIG. 6C is a schematic diagram of anauthentication-failure screen; FIG. 6D is a schematic diagram of aninterruption-operation screen that appears when the authenticationsucceeds; and FIG. 6E is a schematic diagram of a lock screen.

FIG. 7A is a schematic diagram of an interruption screen requiring anoncontact IC card; FIG. 7B is a schematic diagram of an authenticationscreen requiring the contact-type IC card; and FIG. 7C is a schematicdiagram of a lock screen requiring the noncontact IC card.

FIG. 8A is a schematic diagram of an interruption screen requiring thecontact-type IC card; FIG. 8B is a schematic diagram of an insertrequiring screen that appears when the contact-type IC card is removed;FIG. 8C is a schematic diagram of a lock screen requiring thecontact-type IC card; and FIG. 8D is a schematic diagram of aninterruption-release screen requiring the contact-type IC card.

FIGS. 9 to 11 are sequence diagrams for explaining the process performedby the MFP 10. FIG. 12 is a block diagram for explaining the hardwareconfiguration of the MFP 10.

When the UI 120 notifies at a system startup the session management 142that a session starts (Step S200), the session management 142 createsthe anonymous session 20 (Step S202) and returns the anonymous session20 to the UI 120 (Step S204).

After detecting a login/logout key 41 shown in FIG. 4 is presses (StepS206), the UI 120 sends a login request to the session management 142(Step S208). The session management 142 requests the UI 120 to send theauthentication information (Step S210). The UI 120 displays the loginscreen (Step S212), and receives an input operation from the user (StepS214).

The login screen shown in FIG. 5A can receives authenticationinformation such as a username and a password. When the user entersauthentication information and presses an OK button, the UI 120 receivesthe authentication information. The session management 142 acquirestarget user information from the data management 162 (Step S216), anddetermines whether the user is authentic by comparing the authenticationinformation with the target user information (Step S218). The sessionmanagement 142 creates a login session (Step S220) and returns thecreated login session to the UI 120 (Step S222).

When the session management 142 determines that the user is authentic,the UI 120 acquires a default screen data corresponding to the user fromthe data management 162 (Step S224). As a result, a copy operationscreen shown in FIG. 5F appears (Step S226).

When the session management 142 determines that the user is notauthentic, the authentication-failure screen shown in FIG. 5E appears.Although the authentication-failure screen says “authentication failed”simply, it is possible to add a cause of failure, i.e., which one isincorrect between the username and the password. When the retry buttonis presses or when a predetermined time has been passed without a pressof the retry button, the login screen shown in FIG. 5A appears again. Ifonly the password is incorrect, it is possible to display the loginscreen shown in FIG. 5D to enter only the password.

Instead of typing the username, it is allowable to use an IC card forentering a user ID that is equivalent to a username by holding anoncontact IC card over the sensor (see, FIG. 5B) or by inserting acontact-type IC card (see, FIG. 5C). After the user is determined to bea registered user through the noncontact IC card or the contact-type ICcard, the login screen, as shown in FIG. 5D, for requesting only apassword is displayed to perform the authentication.

After that, the user sets a desired mode using theauthentication-success screen shown in FIG. 5F and presses the start key34. Upon detecting the start key 34 presses (Step S228), the UI 120sends the login session 1 and a request 1 to the request management 144(Step S230). The request management 144 executes the application (StepS232), and then the application logic 150 returns a job 1 to the requestmanagement 144 (Step S234). The operation screen shown in FIG. 6Aappears during copying.

When another user presses the interruption key 37 during the copying, alight emission diode (LED) of a hard key turns ON and the UI 120 detectsthe interruption key 37 presses (Step S236) and requests the sessionmanagement 142 to start login (Step S238). The salient feature of thefirst embodiment is to request the user authentication, i.e., processesfrom Steps S208 to S226 in response to the interruption. When theinterruption authentication screen shown in FIG. 6B is displayed, theinterrupting user who requests the interruption enters his/her usernameand password.

When the session management 142 determines that the interrupting user isnot authentic, the authentication-failure screen shown in FIG. 6C isdisplayed. The interrupting user has to select either cancelling theinterruption or retrying the authentication information. Although theauthentication-failure screen says “authentication failed” simply, it ispossible to add a cause of failure, i.e., which one is incorrect betweenthe username and the password. When the interrupting user selectscancelling or when a predetermined time has been passed without a pressof the retry button, the copy operation screen shown in FIG. 6A appearsagain. If the interrupting user selects retrying, the authenticationscreen shown in FIG. 6B appears again.

When the session management 142 determines that the interrupting user isauthentic, the session management 142 returns a login session 2 to theUI 120 (Step S240). Upon detecting the start key 34 presses (Step S242),the UI 120 sends the login session 2 and a request 2 to the requestmanagement 144 and requests the request management 144 to perform theinterruption (Step S244). Thereby, the request management 144 causes theapplication logic 150 to interrupt the job 1 that is in action (StepS246) and execute the request 2 as an interrupting job (job 2) (StepS248). After starting the job 2, the application logic 150 returns thejob 2 to the request management 144 (Step S250). Upon receiving the job2, the request management 144 returns to the UI 120 that theinterrupting job is in action (Step S252). While the interrupting job isin action, the operation screen shown in FIG. 6D is displayed (StepS254).

After the interrupting job has been finished, the interrupting userpresses the interruption key 37 again so that the LED turns OFF. Upondetecting the interruption key 37 re-presses (Step S256), the UI 120causes the request management 144 to release the interruption (StepS258). In response to the release, the request management 144 causes theapplication logic 150 to resume the interrupted job 1 (Step S260). Thesalient feature of the first embodiment is to display the lock screenshown in FIG. 6E at the end of the interruption. This makes it possibleto prevent an un-authorized third party from pretending to be theauthentic user of the job interrupted due to the interruption.

There are two methods of setting a display/hide mode of the lock screento be displayed at the end of interruptions. In the first method, thedisplay/hide mode of the lock screen is selected depending on theoperational circumstances and is set as initial settings or settingsdecided by an administrator. In the second method, the display/hide modeof the lock screen can vary depending on each interrupting job using alock key 42 shown in FIG. 4. More particularly, if an interrupting useror an interrupted user presses the lock key 42 at the start or at theend of an interruption, even when the hide mode is selected as theinitial settings or the settings decided by the administrator, the lockscreen appears after the interrupting job has been finished. The lockkey 42 can be either a hard key or a soft key to be displayed on theoperation panel.

It is allowable to appear the lock screen shown in FIG. 6E when apredetermined time has pasted since the last operation while theoperation screen shown in FIG. 6A appears or when the lock key 42 ispressed, in addition to when a re-press of the interruption key 37indicative of the end of the interruption is detected. When the passwordthat is received through the lock screen shown in FIG. 6E is authentic,the operation screen shown in FIG. 6A appears again thereby making itpossible to execute the interrupted copy operation. If the interruptionkey 37 is pressed without receiving a password through the lock screenshown in FIG. 6E, it is possible to display the authentication screenshown in FIG. 6B to perform user authentication to accept anotherinterruption.

Assuming that an authentication using a noncontact IC card and apassword is performed in response to a request of an interruption, theauthentication screen shown in FIG. 7A appears to prompt the user tohold the IC card over the sensor thereby receiving the user ID. When theuser is a registered user, i.e., the system identifies the user, theauthentication screen shown in FIG. 7B appears to prompt the user toenter the password. When the user who is identified through thenoncontact IC card is identical to the user of the interrupted job, itis possible to display the authentication-success screen shown in FIG.6D by skipping the authentication screen shown in FIG. 7B. This allowsthe user to save entering the password.

After the end of the interruption, the lock screen shown in FIG. 7Cappears. If the system determines that a next user is not identical tothe user of the interrupted job, the screen shown in FIG. 7B appears toprompt the next user to enter the password for authentication. When theinterruption key 37 is pressed while the screen shown in FIG. 7Cappears, the screen shown in FIG. 7A requiring an authentication usingthe noncontact IC card appears. If the system then determines from theIC card held over the screen shown in FIG. 7C that the next user isidentical to the user of the interrupted job, the copy operation screenshown in FIG. 6A appears. Although the noncontact IC card is used at thelock release step with the lock screen shown in FIG. 7C, it is allowableto configure to use the password to release the lock.

Assuming that an authentication using a contact-type IC card and apassword is performed in response to a request of an interruption, onlywhen the interrupting user is a non-identical user, the authenticationscreen shown in FIG. 8A appears to prompt the interrupting user toremove the inserted IC card and insert his/her IC card. When the systemdetects that the inserted IC card is removed, the screen shown in FIG.8B appears to prompt the interrupting user to insert his/her IC card.After that, when the system detects that the contact-type IC card isinserted and identifies the interrupting user as a registered user fromthe ID of the newly-inserted IC card, the screen shown in FIG. 7Bappears to prompt the interrupting user to enter his/her password. Onthe other hand, when the interrupting user does not remove the insertedIC card but presses a button on the screen shown in FIG. 8A indicativeof an interruption by the identical user, the system skips the screenshown in FIG. 7B and displays the interruption screen shown in FIG. 6B,i.e., the system does not request the user to enter the password.

When the system detects that the contact-type IC card is removed duringthe operation, the lock screen shown in FIG. 8C appears. If the systemdetects again that an IC card is inserted and determines that thenewly-inserted IC card belongs to a user who is not identical to theuser before the lock starts, the screen shown in FIG. 7B appears toprompt the user of the newly-inserted IC card to enter the password forauthentication. If the interruption key 37 is pressed while the screenshown in FIG. 8C appears, the screen shown in FIG. 8B appears to promptthe user to insert his/her contact-type IC card for authentication. Whenthe system determined that the user who inserts his/her IC card whilethe screen shown in FIG. 8C appears is identical to the user before thelock starts, the copy operation screen shown in FIG. 6A appears. After aseries of events including the authentication success, the end of theinterruption operation with a screen shown in FIG. 6D, and theinterruption release, the screen shown in FIG. 8D appears to prompt theuser to remove the contact-type IC card. Upon detecting the contact-typeIC card is removed, the system displays the lock screen shown in FIG.8C. The lock screen that appears at the end of the interruption or whenthe IC card is removed makes it possible to pretend a third party frompretending to be the authentic user.

FIG. 11 is a continuation of the sequence diagram shown in FIG. 10,i.e., a sequence diagram after Step S258. When the interruption isreleased, the logout process to logout the user who has logged in as theinterrupting user is performed (Steps S262 and S264), and then the UI120 displays the lock screen (Steps S266 and S268). If a new user entersa password and it is determined that the password is correct (Steps S270to S274), the UI 120 displays the copy screen that is used to bedisplayed before the interruption starts (Step S276). More particularly,the UI 120 sends a logout request to the session management 142 (StepS262). Upon receiving the logout request, the session management 142deletes the login session (Step S264). The session management 142requests the UI 120 to perform a re-authentication (Step S266). The UI120 displays the lock screen (Step S268) and receives an input operationfrom the user (Step S270). The session management 142 acquires targetuser information from the data management 162 (Step S272) and comparesthe user information with the authentication information (Step S274).When the session management 142 determines that the user is authentic,the UI 120 returns to the screen context (Step S276).

In the configuration according to the first embodiment, the sessionmanagement 142 and the request management 144 of the control 140cooperate with each other to perform the user authentication beforeaccepting an interruption or after the interruption by displaying thelock screen. This makes it possible to prevent a third party frompretending to be the authentic user. If it is determined from the ICcard or the like that the user is identical, the password check isomitted from the user authentication or the lock screen is skipped. Thisallows the user to save the workload for the authentication therebymaking it possible to obtain a good balance between the usability andthe security.

As for the authentication technology for identifying the user, it ispossible to employ biometrics using, for example, a finger print, aretina, or a vein in addition to the noncontact IC card or thecontact-type IC card. It is also possible to combine biometrics with theIC card, the password, or a universal serial bus (USB) authenticationkey or a radio-frequency identification (RFID) tag. It is allowable touse a lightweight directory access protocol (LDAP) server or an activedirectory server for the authentication instead of the local database.

The system denies a request of an interruption when the user is notauthentic. Moreover, the system can deny a request of an interruptiondepending on information about ranking among users. The informationabout ranking among users is used to compare an interrupted user with aninterrupting user in, for example, the authority or the job level. Thesystem can determine whether a request of an interruption is to beprocessed depending on the information about ranking among users.

FIG. 12 is a block diagram for explaining a hardware configuration ofthe MFP 10. The MFP 10 includes a scanner 50, a plotter 52, a devicecontrol unit 54 that controls the scanner 50 and the plotter 52, anetwork control unit 56 that perform communications by connecting to anetwork, a read only memory (ROM) 58 that stores therein variousprograms, a central processing unit (CPU) 60 that controls each unit ofthe MFP 10 according to the programs in the ROM 58, a random accessmemory (RAM) 62 and a static random access memory (SRAM) 64 that storesvarious data required to control the MFP 10, an image-data memory 66that stores image data read by the scanner 50, an operation panel 68,and an operation control unit 70 that controls the operation panel 68.

The layer structural functions of the MFP 10 as shown in FIG. 1 areimplemented as the CPU 60 executes the program in the ROM 58.

FIG. 13 is a functional block diagram of an MFP 11 according to a secondembodiment of the present invention. FIG. 14 is a functional blockdiagram of a conventional MFP. Salient features of the MFP 11 aredescribed by comparing to the conventional MFP.

The MFP 11 includes, from an upper layer to a lower layer, the UI 120that receives a request from a subscriber, the control 140 that receivesan execution of the request from the UI 120, and the application logic150 that provides a target function under the execution of the requestby the control 140. The UI 120 includes a system UI 122 working as abase, an authentication UI 124 that creates the login screen, and a copyUI 126 that creates the copy screen. The control 140 includes thesession management 142 that associates a user with an activity thereof(a series of processes executed by the system) during a period fromlogin to logout of the user (i.e., during the session) and performs theuser authentication to identifies a user who requests an operation. Theapplication logic 150 includes a copy activity 152 that performs aseries of processes about copy.

The conventional MFP shown in FIG. 14 includes, from an upper layer to alower layer, an application 190 including an application 192 that ismade from a group of software pieces, an application program interface(API) 210 that allows a process request from the application 190 toreceivable using predetermined functions, and a platform 200 thatinterprets the process request from the application 190 and occurs arequest for acquiring a hardware resource. The platform 200 includes asystem control service (SCS) 202 that performs application control,operation-unit control, system-screen display, LED display, resourcemanagement, and interruption-application management and anoperation-panel control service (OCS) 204 that perform control over theoperation panel working as a communications unit. The SCS 202 includesan authentication UI 2020 that creates the login screen.

In the conventional MFP, the application 192 invokes the API 210 andrequests the authentication UI 2020 to perform the authentication viathe API 210 (Step S500). When the authentication succeeds, theauthentication UI 2020 causes the OCS 204 to display the login screen(Step S502). It means that the SCS 202 working as a module is invoked bythe application such as the copy application and the facsimileapplication so that the authentication UI is displayed on the operationscreen for the authentication. A result of the authentication isreturned to the application 192. In the configuration described above,if the application 192 has no program containing a code to invoke theSCS 202 (i.e., code to request for an authentication), the application192 cannot invoke the SCS 202. Therefore, it is possible to perform anapplication process without performing authentication. To add anapplication later, for example, it is necessary to prepare the code torequest for an authentication to be written to each application.

In the MFP 11 in contrast, the system UI 122 is placed upper layer thanany of the applications so that the system UI 122 can perform a processprior to any application does. The system UI 122 requests the sessionmanagement 142 to perform an authentication (Step S300 equivalent toStep S200 in FIG. 9). The session management 142 creates a session (StepS302 equivalent to Step S202 in FIG. 9). The system UI 122 logins (StepS304 equivalent to Step S208 in FIG. 9). The session management 142sends to the authentication UI 124 a request for the authenticationinformation (Step S306 equivalent to Step S210 in FIG. 9). Theauthentication UI 124 then creates the login screen, and displays thelogin screen (Step S308 equivalent to Step S212 in FIG. 9). The systemUI 122 receives authentication information from the user through thelogin screen and performs the authentication using the authenticationinformation (Step S310 equivalent to Step S214 in FIG. 9). Theauthentication information is returned to the session management 142(opposite to the direction in Step S306, i.e., equivalent to Step S210in FIG. 9). Upon receiving the authentication information, the sessionmanagement 142 performs the authentication process (Step S216 andsubsequent steps in FIG. 9).

When the authentication succeeds, the system UI 122 activates the copyactivity 152 (Step S400). The copy activity 152 causes the copy UI 126(Step S402) to display the application UI (Step S404). Steps S400 toS404 are equivalent to Step S226 in FIG. 10. As a result, theapplication is configured capable of performing the authentication, evenif the authentication UI is not installed in the application. Theapplication does not obtain an execution authority until theauthentication succeeds. The application itself is free from theauthentication, and therefore the login authentication is performed evenif the code to request for an authentication is not installed in eachapplication. This allows obtaining a higher security. Moreover, theconfiguration in which it is unnecessary for the application to beinstalled with the authentication code facilitates plug-in developmentthereby facilitating customizing of the MFP.

In the second embodiment modules of the control 140 and the UI 120 areplaced upper than the application logic 150. Therefore, it is possibleto realize a sequence of processes in which the authentication processis performed first and, when the authentication succeeds, the executionby the application follows. This allows obtaining a higher security.Moreover, the configuration in which it is unnecessary for theapplication to be installed with the authentication code facilitatesplug-in development thereby facilitating customizing of the MFP.

There are two cases when an identical user performs a series ofinterruptions. The first case is that, after a first interruption hasfinished and the user logouts, a second interruption process occurs byan identical user (hereinafter, “sequential interruption by theidentical user”). The second case is that the second interruptionprocess by the identical user occurs before the first interruption hasfinished (hereinafter, “multiple interruption by the identical user”).It is possible to skip the user authentication in those two casesbecause the identical user performs a series of interruptions. Thefollowing third case, though not fallen into the serious interruption bythe identical user, can also omit the password check. The third case isthat during executing of a first job of a first user a second userinterrupts the first job and executes a second job, and after that thefirst user interrupts the second job to execute a third job(hereinafter, “multiple interruption by the interrupted user”). A thirdembodiment of the present invention describes various types ofinterruptions.

FIGS. 15A and 15B are schematic diagrams for explaining how the screenchanges between the operation screen and the login screen. An operationscreen 80 shown in FIG. 15B appears when the authentication succeeds;and a login screen 31 shown in FIG. 15A appears when a certain conditionis satisfied while the operation screen 80 appears. The login screen 31prompts a user who requests an operation to enter authenticationinformation that is used to identify the user. When an authenticationsucceeds, the system causes the user to login and displays the operationscreen 80. Thus, the user can operate the MFP 10.

When a predetermined time has pasted since the last operation while thejob is in action and the operation screen 80 appears, the system locksthe screen, logouts, and displays the login screen 31. When apredetermined time has pasted since the last operation while no job isin action, a logout process is performed automatically. When the lockkey 42 is pressed while the operation screen 80 appears, the loginscreen 31 appears. When the login/logout key 41 is pressed, a logoutprocess is performed and the login screen 31 appears. Thus, the lockscreen can be used as the login screen.

The interruption process means a process of interrupting a first job inaction and executing a second job prior to the interrupted first job. Afirst user of the first job can be either identical or non-identical toa second user of the second job. In a multiple interruption, that is, acase that a third user interrupts the second job to execute a third jobprior to the second job, the second user can be either identical ornon-identical to the third user.

It is possible to make indicators appear on the operation screen 80 suchas a current-username indicator 82 that indicates current username whooperates the operation unit (e.g., username A), a number-of-login userindicator 84 (e.g., 1), and an interruption indicator 86 that appearsduring the interruption process.

If during executing of a first job of a first user a second user triesto interrupt the first job to execute a second job where the first userand the second user are not identical, the second user presses theinterruption key 37 to make the login screen 31 appear. The second userthen enters the authentication information. When the authenticationsucceeds, the operation screen 80 appears allowing the second user toperform an interruption process.

The sequential interruption by the identical user occurs when theidentical user logouts at the end of a first interruption process andlogins again within a predetermined period after the logout, and afterthat performs a second interruption process. In the sequentialinterruption by the identical user, it is assumed that the user of thesecond interruption is authentic, i.e., it is impossible for anon-authorized third party to pretend to be the authentic user.Therefore, it is possible to skip the password check to reduce aworkload for the authentication process. The predetermined period isshort enough to assume that after the end of the first interruption thesecond interruption is issued not by an un-authorized third party but bythe identical user because the identical user continues operating theimage forming apparatus. Although the predetermined period is set toseveral minutes (e.g., five minutes) in the third embodiment, thepredetermined period can vary depending on the installation position orthe circumstances of the image forming apparatus. If the user starts anext job after the end of the first interruption job maintaining thelogin state without performing logout, the next job is executed usingthe same interruption session.

The multiple interruption by the identical user occurs when a secondinterruption process by an identical user occurs during a firstinterruption process being in action. When a user tries to perform themultiple interruption by the identical user, the user presses theinterruption key 37. Because the login screen 31 does not appear, theuser can immediately perform a next interruption process. The userauthentication can be skipped to reduce the workload for theauthentication process in the multiple interruption by the identicaluser because the identical user performs the interruption processes. Itis allowable to cause the login screen 31 to appear when theinterruption key 37 is pressed. After that, if the newly-enteredusername is identical to the user of the job in action, the processcontrol can skip the password check.

The multiple interruption by the interrupted user occurs when duringexecuting of a first job of a first user a second user interrupts thefirst job and executes a second job and then the first user interruptsthe second job to execute a third job. The password check in themultiple interruption by the interrupted user, though the interruptionis issued not by the identical user but by the interrupted user, can besaved similarly to that in the sequential interruption by the identicaluser and the multiple interruption by the identical user. If thepassword check is omitted, a workload for the authentication process isreduced.

FIG. 16 is a schematic diagram of another example of the login screen 31with a login-user list 98. The login screen 31 shown in FIG. 16 isobtained by adding the login-user list 98 to the login screen 31 shownin FIG. 15. The system has grasped the login state of users by using thelogin screen. Therefore, it is possible to add the login-user list 98 tothe login screen.

With the login screen 31 shown in FIG. 16, a login user who requests aninterruption can fill the username by selecting his/her username (userA, B, or C) from the login-user list 98 instead of by filling theusername in a username box 90 with a software keyboard that is displayedwhen an input button 92 is pressed. If the login user is the identicaluser or the interrupted user in the sequence interruption by theidentical user, the multiple interruption by the identical user, or themultiple interruption by the interrupted user, the login user can savethe workload of filling a password box 94 with a software keyboard thatis displayed when an input button 96 is pressed. That is, the login usercan cause the authentication process to start just by selecting his/herusername from the login-user list 98 and then pressing an OK button 99.

FIG. 17 is a block diagram for explaining the data formation of asession used in an image forming apparatus according to the thirdembodiment. The session includes an anonymous session 100, a loginsession 102, a screen context 103, a login session 104, a screen context105, an interruption session 106 that is issued by an identical user whoissues the login session 102, and a screen context 107.

The anonymous session 100 is created at a system startup. The loginsession 102 by a user-ID (A) is created at a login. The login session104 by a user-ID (B) is created at an interruption for interrupting thelogin session 102. The interruption session 106 is created when theidentical user-ID (A) interrupts the login session 102.

FIG. 18 is a sequence diagram in which different operation screenappears depending on whether a login session of the authentic user ispresent. When the session management 142 determines whether a loginsession of the authentic user is present (Step S219-1) and thendetermines that a login session of the authentic user is present (Yes atStep S219-1), the session management 142 returns a latest session of theauthentic user to the UI 120 (Step S219-2). In a case of the dataformation shown in FIG. 17, if the user ID of the authentic user is theuser-ID (A), the latest session corresponds to the interruption session106. If the user ID of the authentic user is the user-ID (B), the latestsession corresponds to the login session 104. When the interruption isreleased or a login user logs in again (i.e., when the lock screen inthe first embodiment is released), the screen is re-built based oncontext information obtained from the screen context 103, 105, or 107.

The session information is sent from the session management 142 to therequest management 144 in response to a request of a job or a request ofan interruption. Therefore, it is possible to perform an access controlor a charge control based on the session information (user ID) relatedto an execution of the application.

FIG. 19 is a sequence diagram for explaining a process in which anidentical user interrupts a job in action that is issued by theidentical user and executes a new job (hereinafter, “interruption by theidentical user”). The interruption by the identical user occurs whenafter a user executes a first job, the user presses the interruption key37 and interrupts the first job in action to execute a second job as ina similar manner to Step S263 show in FIG. 10. This situation willhappen, for example, the user wants to execute one-page copy job whilethe mass copy job by the identical user is in action. When the UI 120detects the interruption key 37 presses (Step S236), the UI 120 requeststhe session management 142 to create an interruption session (StepS237-1). The session management 142 then creates the interruptionsession 106 (Step S237-2) and returns the interruption session 106 tothe UI 120 (Step S273-3).

As described above, it is allowable to interrupt a job in action by theidentical user. If the interruption by the identical user happens, theinterruption session 106 is created. Because the interruption by theidentical user and the sequence interruption by the identical user aresimilar, the user authentication can be skipped. Moreover, because theinterrupted job is issued by the identical user, it is possible toreturn to the interrupted job without authentication, i.e., without thelogin screen that is to be displayed after the end of the interruption.

FIG. 20 is a sequence diagram for explaining a logout process after themultiple interruption. Upon detecting the login/logout key 41 presses(Step S261), the UI 120 sends a logout request to the session management142 (Step S262). Upon receiving the logout request, the sessionmanagement 142 deletes the login session (Step S264) and returns to theUI 120 a parent session of the deleted session (Step S265-1). A parentsession and a child session are used in a relative concept. For example,if the login session 102 is created from the anonymous session 100 thatis created at the system startup, then the anonymous session 100 is aparent session and the login session 102 is a child session. If theinterruption session 106 is created from the login session 102 due to afirst interruption that interrupts the login session 102, then the loginsession 102 is a parent session and the interruption session 106 is achild session. Thus, when the interruption session 106 ends and theinterruption session 106 is deleted (Step S264), the login session 102that is the parent session of the interruption session 106 is returned(Step S265-1). If the login session 102 has already ended, the anonymoussession 100 that is the parent session of the login session 102 isreturned. If the anonymous session is returned, the UI 120 sends, in asimilar manner at the system startup, a login request to the sessionmanagement 142 (Step S265-2), and then Steps S208 to S226 are repeated.

If the returned parent session is a login session by itself or aninterruption session, the authentication process for returning to thesession by itself can be skipped. The UI 120 returns the screen context(Step S265-3) thereby re-building the screen that is used to bedisplayed before the interruption starts based on the contextinformation.

As described above, in the logout process after the multipleinterruption or the like, it is unnecessary to perform theauthentication process to return to the session by itself. Skipping thelock screen to be displayed after the end of the interruption allows theidentical user to save entering the username and the password severaltimes.

According to an aspect of the present invention, although theinterruption UI and the authentication UI are not installed in each ofthe applications, any of the applications can perform the commoninterruption process and the common authentication process.

Moreover, according to another aspect of the present invention, theapplication cannot be activated until the authentication succeeds, whichcan exclude access controls by non-authentic users.

Furthermore, according to still another aspect of the present invention,it is impossible for a non-authentic third party to interrupt a job inaction issued by an authentic user to execute a new job, pretending tobe the authentic user even while the authentic user is absent. This willbring a large effect in job-based charging.

Moreover, according to still another aspect of the present invention, itis possible to determine whether an interruption is to be processedbased on ranking among users in addition to authenticity of the user.The ranking among users can be determined based on, for example,authorities or job levels of users.

Furthermore, according to still another aspect of the present invention,assuming that a case happens in which during a first job of a first userbeing in action a second user interrupts the first job and executes asecond job, and thereafter a third user tries to execute a third job. Ifthe third user is a non-authentic third party and tries to pretend to bethe authentic first user, it is impossible for the third user to executethe third job. On the other hand, the authentic third user can resumethe third job.

Moreover, according to still another aspect of the present invention, itis possible to save the user to enter the password again.

Furthermore, according to still another aspect of the present invention,it is possible to display a suitable operation screen depending onwhether the session information is present, and thereby the user canoperates the image forming apparatus with the suitable operation screen.

Moreover, according to still another aspect of the present invention,even in the multiple interruption happens, it is possible to return tothe session in action by processing a series of sessions in thedescending order from the latest session.

Furthermore, according to still another aspect of the present invention,it is possible to display an operation screen used to be displayed whilean interrupted job is in action.

Moreover, according to still another aspect of the present invention,the user can easily understand whether the image forming apparatus is inthe interruption mode by just looking at the operation screen.

Furthermore, according to still another aspect of the present invention,it is possible to select the lock screen to a display mode or a hidemode. When the hide mode is selected, the user is allowed to saveentering the password. When the display mode is selected, the securityof the image forming apparatus strengthens. It is possible to change themode to be selected depending on situations.

Moreover, according to still another aspect of the present invention, itis possible to decide the display/hide mode of the lock screen dependingon each interruption at the start or the end of the interruption.

Furthermore, according to still another aspect of the present invention,it is unnecessary for the user to type typing the username.

Moreover, according to still another aspect of the present invention, itis possible to prevent an occurrence of the unlocked screen due tocarelessness.

Furthermore, according to still another aspect of the present invention,it is possible to create a program for the interruption process and theauthentication program commonly used from any application, even when theprogram is not installed in the application.

Although the invention has been described with respect to specificembodiments for a complete and clear disclosure, the appended claims arenot to be thus limited but are to be construed as embodying allmodifications and alternative constructions that may occur to oneskilled in the art that fairly fall within the basic teaching herein setforth.

1. An apparatus, comprising; an interruption request receiving unitconfigured to receive an interruption request from a user to suspend anexecuting process of a job and interrupt another job; and a control unitconfigured to control an execution process of the another job inresponse to the interruption request received by the interruptionrequest receiving unit, wherein the control unit is configured toreceive an authentication request to execute an authentication processof the user, and when receiving the authentication request, the controlunit is configured to execute the authentication process of the user,and when the authentication is successful, the control unit isconfigured to execute the another job.
 2. The apparatus according toclaim 1, wherein the control unit is configured to suspend the executingprocess of the job, when the authentication is successful.
 3. Theapparatus according to claim 1, wherein the control unit is configuredto determine whether to execute the another job based on informationindicating a user level.
 4. The apparatus according to claim 1, whereinthe control unit is configured to display a lock screen at an end of theanother job, to request a user authentication, and to return to anoperation screen by an authentication-operation.
 5. The apparatusaccording to claim 1, wherein the control unit is configured to pass apassword check in the authentication process, when the interruptionrequest receiving unit receives the interruption request from the user.6. The apparatus according to claim 1, wherein the control unit isconfigured to display an authentication screen at an end of the anotherjob, when there is a session of the user, to display an operation screencorresponding to the session, when there is no session of the user, todetermine that an interruption occurs, and to create a new session anddisplay an operation screen corresponding to the new session.
 7. Theapparatus according to claim 5, wherein the control unit is configuredto pass the authentication process, when there is the session of theuser and a job is being executed in a returned session, and when thereis an interruption by the user.
 8. The apparatus according to claim 5,wherein the control unit is configured to display an operation screencorresponding to a latest session when there is a plurality of sessionsof the user.
 9. The apparatus according to claim 5, wherein the controlunit is configured to display an operation screen of a latest sessionwithout performing the authentication process, after the user ends aninterruption, when at least one session of the user is left.
 10. Theapparatus according to claim 5, wherein the control unit is configuredto display the operation screen on which a username of the user, anumber of login users, and an icon indicating that an interruptionprocess is running, while suspending other jobs.
 11. The apparatusaccording to claim 1, wherein the control unit is configured to pass apassword check in the authentication process since a second timeinterruption request, when there are a series of interruption requestsfrom a same user.
 12. The apparatus according to claim 10, wherein thecontrol unit is configured to pass a password check in theauthentication process, when there is a second interruption request froma same user within a predetermined time after a first interruptionprocess is finished.
 13. The apparatus according to claim 3, wherein thecontrol unit is configured to skip a lock-screen display at an end of aninterruption since a second time of interruption request, when there isa second interruption request from a same user.
 14. The apparatusaccording to claim 3, wherein the control unit is configured to allow asetting of displaying the lock screen at the end of the another job. 15.The apparatus according to claim 13, wherein the control unit isconfigured to allow the setting of displaying the lock screen by a lockkey on each interruption job.
 16. The apparatus according to claim 14,wherein the control unit is configured to skip displaying the lockscreen, when the setting of displaying the lock screen is off, to returnto an operation screen prior to the another job, at an end of theanother job, when the another job that is executed with displaying thelock screen by a lock key is terminated, to display the lock screen. 17.The apparatus according to claim 1, wherein the authentication processincludes a combination of a presentation of a noncontactintegrated-circuit card and an input of a password.
 18. The apparatusaccording to claim 1, wherein the authentication process includes acombination of a presentation of a contact-type integrated-circuit cardand an input of a password; and the control unit is configured todisplay a lock screen when the contact-type integrated circuit isremoved.
 19. A method of managing an interruption in an apparatus, themethod comprising: receiving an interruption request from a user tosuspend an executing process of a job and to interrupt another job; andcontrolling an execution process of the another job in response to thereceived interruption request, wherein when, during the controllingstep, an authentication request to execute an authentication process ofthe user is received, executing the authentication process, and when theauthentication is successful, executing the another job.
 20. Anon-transitory computer-readable medium having computer-readable programcodes embodied in the medium that, when executed, cause a computer toexecute: receiving an interruption request from a user to suspend anexecuting process of a job and interrupt another job; and controlling anexecution process of the another job in response to the receivedinterruption request, wherein when, during the controlling step, anauthentication request to execute an authentication process of the useris received, executing the authentication process, and when theauthentication is successful, executing the another job.